Fixing language per #649

OWASP · Mar 13, 2021 · dbfd721 · dbfd721
1 parent ed91527
commit dbfd721
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/4.0/en/0x21-V13-API.md b/4.0/en/0x21-V13-API.md
@@ -60,11 +60,11 @@ Note: Due to issues with XXE attacks against DTDs, DTD validation should not be
 | # | Description | L1 | L2 | L3 | CWE |
 | :---: | :--- | :---: | :---:| :---: | :---: |
 | **13.5.1** | Verify that WebSocket Secure (wss) is used for all WebSocket connections. | ✓ | ✓ | ✓ | 319 |
-| **13.5.2** | Verify that, during the initial HTTP WebSocket handshake, the Origin header is checked against a whitelist of authorized origins. | ✓ | ✓ | ✓ | 346 |
-| **13.5.3** | Verify that rate limiting is in place for WebSocket messages | ✓ | ✓ | ✓ | 770 |
-| **13.5.4** | If you are using session or channel tokens specific to WebSocket, verify that the tokens possess at least 64 bits of entropy and are generated using approved cryptographic algorithms. | ✓ | ✓ | ✓ | 331 |
-| **13.5.5** | If you are using session or channel tokens specific to WebSocket, verify that the tokens are initially obtained from a response to secure POST request only, and are not sent by the server through the WebSocket connection. | ✓ | ✓ | ✓ | 319 |
-| **13.5.6** | If only authenticated users should be able to use WebSockets, verify that authentication is done before opening the WebSocket connection. | ✓ | ✓ | ✓ | 306 |
+| **13.5.2** | Verify that, during the initial HTTP WebSocket handshake, the Origin header is checked against an allow list of authorized origins. | ✓ | ✓ | ✓ | 346 |
+| **13.5.3** | Verify that rate limiting is in place for WebSocket messages. | ✓ | ✓ | ✓ | 770 |
+| **13.5.4** | Verify that tokens possess at least 64 bits of entropy and are generated using approved cryptographic algorithms if session or channel tokens specific to WebSockets are being used. | ✓ | ✓ | ✓ | 331 |
+| **13.5.5** | Verify that the tokens are initially obtained from a response to secure POST request only, and are not sent by the server through the WebSocket connection if session or channel tokens specific to WebSockets are being used. | ✓ | ✓ | ✓ | 319 |
+| **13.5.6** | Verify that authentication is done before opening the WebSocket connection if only authenticated users should be able to use WebSockets. | ✓ | ✓ | ✓ | 306 |
 
 ## References